[meta-virtualization] [PATCH] lxc: Disable the bind-interfaces for lxc.

Haitaoliu Haitao.Liu at windriver.com
Tue Dec 19 01:27:42 PST 2017 


On 2017年12月19日 11:14, Mark Asselstine wrote:
> On Mon, Dec 18, 2017 at 8:58 PM, Liu Haitao <haitao.liu at windriver.com> wrote:
>> When enable lxc service it failed with the following errors:
>>
>> """
>> root at intel-x86-64:~# /usr/libexec/lxc/lxc-net start
>>
>>       dnsmasq: cannot set --bind-interfaces and --bind-dynamic
>>       Failed to setup lxc-net.
>> """
>>
>> It said that the "bind-interfaces" and "bind-dynamic" cannot cooperate together.
>> These two options have the same fundamental capacity of binding network interfaces.
>>
>> So dnsmasq just require one of this kind of option.
>>
>> For some reason ,the following commit  compulsively add the "bind-dynamic" option
>> for dnsamsq.
>>
>> """
>>          c3c4d977cbb51363f9030c2e39d56a772b29f73b
>> """
> It is not for "some reason", it is for a specific reason that is
> explained in detail in the commit log and in the comment that goes
> with the setting. Libvirt will have issues setting up virbr0 if we do
> not use 'bind-dynamic'.
>
> Now you aren't touching the dnsmasq.conf file which is good since you
> will not be breaking libvirt with this change but I will have to take
> a closer look at your approach to see if it valid for lxc-net. Really
> we should move the 'bind-dynamic' into a libvirt specific
> sub-configuration file in /etc/dnsmasq.d/, so something like
> /etc/dnsmasq.d/libvirt.conf, and then have another one for lxc
> (/etc/dnsmasq.d/lxc.conf). The main dnsmasq.conf file should be empty.
> But again I need to dig around a bit to remind myself of how things
> work.
>
> Did you do any testing other than lxc-net starting? did you validate
> the dnsmasq functions on the lxcbr0 that is bound to the new instance
> of dnsmasq?
I did not do any other test about lxc-net except starting.
if we don't remove 'bind-interfaces' , the lxcbr0 would also be created 
correctly . But the dnsmasq will fail. I have no idea if it has an 
influence on  IP address assignment of lxc.

I will validate it later.

thanks,
haitao
>
> MarkA
>
>> So we just remove 'bind-interfaces' in lxc service scripts.
>>
>> Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
>> ---
>>   ...1-lxc-Disable-the-bind-interfaces-for-lxc.patch | 45 ++++++++++++++++++++++
>>   recipes-containers/lxc/lxc_2.0.8.bb                |  1 +
>>   2 files changed, 46 insertions(+)
>>   create mode 100644 recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
>>
>> diff --git a/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
>> new file mode 100644
>> index 0000000..fec6843
>> --- /dev/null
>> +++ b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
>> @@ -0,0 +1,45 @@
>> +From 76533652915dcca2ce4265b320fd1c20a75adff8 Mon Sep 17 00:00:00 2001
>> +From: Liu Haitao <haitao.liu at windriver.com>
>> +Date: Sun, 17 Dec 2017 23:02:13 -0800
>> +Subject: [PATCH] lxc: Disable the bind-interfaces for lxc.
>> +
>> +When enable lxc service it failed with the following errors:
>> +"""
>> +    dnsmasq: cannot set --bind-interfaces and --bind-dynamic
>> +    Failed to setup lxc-net.
>> +"""
>> +It said that the "bind-interfaces" and "bind-dynamic" cannot
>> +cooperate together.
>> +These two options have the same fundamental capacity of binding
>> +network interfaces.
>> +So dnsmasq just require one of this kind of option.
>> +For some reason ,the following commit  compulsively add the "bind-dynamic" option
>> +for dnsamsq.
>> +"""
>> +       c3c4d977cbb51363f9030c2e39d56a772b29f73b
>> +"""
>> +So we just remove 'bind-interfaces' in lxc service scripts.
>> +
>> +Upstream-Status: Inappropiate [Modify configuration]
>> +
>> +Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
>> +---
>> + config/init/common/lxc-net.in | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
>> +index f770950f..6f45228d 100644
>> +--- a/config/init/common/lxc-net.in
>> ++++ b/config/init/common/lxc-net.in
>> +@@ -128,7 +128,7 @@ start() {
>> +     done
>> +
>> +     dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \
>> +-            --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid \
>> ++            --strict-order --pid-file="${varrun}"/dnsmasq.pid \
>> +             --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \
>> +             --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \
>> +             --except-interface=lo --interface=${LXC_BRIDGE} \
>> +--
>> +2.11.0
>> +
>> diff --git a/recipes-containers/lxc/lxc_2.0.8.bb b/recipes-containers/lxc/lxc_2.0.8.bb
>> index c9ce5f0..5267bf7 100644
>> --- a/recipes-containers/lxc/lxc_2.0.8.bb
>> +++ b/recipes-containers/lxc/lxc_2.0.8.bb
>> @@ -36,6 +36,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
>>          file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
>>          file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
>>          file://cgroups-work-around-issue-in-gcc-7.patch \
>> +       file://0001-lxc-Disable-the-bind-interfaces-for-lxc.patch \
>>          "
>>
>>   SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20171219/c559e166/attachment-0001.html>

More information about the meta-virtualization mailing list